A hacker accessed the email account of an employee of EyeSouth Partners and potentially viewed or acquired the electronic protected health information (ePHI) of up to 24,000 patients. EyeSouth Partners, which is a business associate of South Georgia Eye Partners, Georgia Eye Associates, Georgia Ophthalmology Associates and Cobb Eye Center, became aware of the data breach on October 25, 2018.

EyeSouth Partners took immediate action to secure the employee’s email account and reviewed the security of its network. To avoid future email account breaches, enhanced security procedures to protect information have been implemented.

According to the breach investigation, the unauthorized person first accessed the email account on September 11, 2018 and access remained possible until October 25. Third-party computer forensics specialists assisted in the investigation of the breach and helped to identify which patients had had their ePHI compromised. The investigators informed EyeSouth Partners on December 19, 2018 that the hacker had potentially accessed email messages containing the ePHI of Georgia Eye Associates patients.

The exposed information varied for each patient. Information in the email messages and email attachments included patients’ names, addresses, email addresses, contact numbers, internal patient ID numbers, type of insurance carrier, insurance provider names, payment histories, summaries of charges, account balances and summaries of services and procedures. The Social Security numbers of a few patients were also exposed.